Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    93s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2025, 23:07

General

  • Target

    JaffaCakes118_67bf34a2c6c54fd8a180415b5a59dd4f.dll

  • Size

    88KB

  • MD5

    67bf34a2c6c54fd8a180415b5a59dd4f

  • SHA1

    d180c8ba3cd3bfbc90faa5eba4c465baa088af03

  • SHA256

    422f07bacd2d5f97847aa6b71d02e8e0db54b4d9d2fa4e6a9b99063eafc5ac45

  • SHA512

    fdc19ec971ce34fdea982d29fa238b71682d0b1e1fa1342ada94fc4c2b255e15ad6175af56756ba436a5a3dc445968c31e51e489dee39358b49c99c8fb8b02df

  • SSDEEP

    1536:0Im31WEbcOdeTIDehycWC/f74eU3XBZsU9t2reOv3/Bk:0d1cIeTIKhyBCn74eWXBZsU9tueOv3/G

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67bf34a2c6c54fd8a180415b5a59dd4f.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67bf34a2c6c54fd8a180415b5a59dd4f.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads